Monthly Archives: January 2012

BSides Detroit 12 Interviews 04

This week we talk with Steven Fox. His approach is best described as cross-disciplinary, combining his experience in information technology with principles from behavioral/organizational psychology. In this podcast, Steven discusses his views on Detroit, what he is doing to launch BSides Detroit 2012, and his talk on social engineering.

Abstract: This presentation will describe a psychological framework that informs a social engineer’s reconnaissance, pretext formulation, and social exploit activities. A case study will illustrate the use of the Social Engineer’s Toolkit, Maltego, and Google Hacking to collect information that contributed to a successful engagement. Attendees will learn how to analyze information for psychological and social indicators that enable a social engineer to model a target’s culture. They will also learn how social engineers use this model to identify opportunities for social exploits.

This episode is cross-posted at Rats and Rogues.

BSides Detroit 12 Interviews 03

This week’s guest is Rafal Los (@Wh1t3Rabbit). His talk was pretty good last year, and he’s planning on coming back this year. We also get to chat about what makes a good podcast, and Rafal shares some things he learned while hosting Down the Security Rabbithole.

Abstract: An unfortunate number of enterprises build their foundations on a false sense of security. They’ve implemented technical defensive measures, written policies, and have procedures for response – and they feel ‘secure’. The problem is – until they’ve actively tested these out in real-world scenarios much like disaster recovery drills, they have no idea how well-prepared they really are for when the worst strikes. Perhaps more importantly, they have no idea where things will strain and break and as a result cannot compensate. As Information Security leaders often find themselves playing whack-a-mole with compliance, business requirements and resource challenges, it can be easy to fall into a sense that everything is under control because on paper the security posture looks good – but how certain are you? Validating human and technical controls, policy elements and response procedures is vital to the prepared enterprise. It is true that the only way to design a safe vehicle is to repeatedly crash and re-design it until it meets minimum safety requirements, but all of this must be done before the car is allowed to crash in a real wreck. Unfortunately, most enterprises simply go by what they’ve planned on paper and it’s not until they wreck in the real world that they find out how poorly prepared they are. This talk will expose the audience to the issues of having unproven security and untested defenses in today’s threat landscape… and encourage CISOs to “break more” to provide their leadership with a better level of assurance of preparedness than they have today. We will provide a framework and step-by-step plan to design, test, and learn from ‘crash data’ to build a truly resilient, responsive and ultimately more risk-averse enterprise.

This episode is cross-posted at Rats and Rogues.

BSides Detroit 12 Interviews 02

This week, we speak with the graphics designer who is refreshing BSides Detroit’s image for 2012. Michael Galligan works with White Haired Man, who is sponsoring BSides Detroit 12.

This episode is cross-posted at Rats and Rogues.

BSides Detroit 12 Interviews 01

No Justin on this spin. But he did do a great job on some of the editing. This episode has J. Wolfgang Goerlich (@jwgoerlich) as our BSides Detroit interviewer.

This episode is a peek behind the curtain on BSides Detroit: how and why it is the way it is, what changes are coming, and where the 2011 organizers want to see it go.

So join us as we talk with Ryan Harp and Kyle Creyts as the four of us talk about Detroit’s security conference. If you want to contact the BSides Detroit organizers

Episode 2 should go live Wednesday, Jan 11. We will talk to the person creating the new logo and reshaping the BSides Detroit brand.

This episode is cross-posted at Rats and Rogues.